Core™ QMS · 21 CFR Part 111

Quality Management, End-to-End

NCRs, SCARs, CAPAs, OOS, CoA, CCP Verification, and Customer Complaints - all wired together with a live audit trail that satisfies 21 CFR Part 111 and FSMA 204 requirements.

Request a Demo See the Quality ROI

🔴 NC Created

→

📋 SCAR Issued

→

✅ Supplier Response

→

🔬 CAPA Opened

→

📊 Effectiveness Review

→

🟢 Closed

Core™ Feature Set

Every QMS workflow your auditor expects

Built around a proven QMS framework - every workflow stage mapped to the actual regulatory requirement, with role-gated approvals at each step.

🔴

Nonconformance Records (NCR)

Capture nonconformances at receiving, production, or CCP checkpoints. Auto-generated NC numbers, photo attachments, severity classification, and escalation to SCAR or CAPA in one click.

Audit Tracked · Auto-Numbered

📬

SCAR Workflow

Structured supplier corrective action requests with 5-stage progression: issued, supplier response, operations review, effectiveness review, closed. 30-day supplier response SLA tracked automatically.

5-Stage Workflow

🔬

CAPA Records

CAPA records with 6-stage workflow, root cause analysis, corrective action description, responsible party assignment, and effectiveness review sign-off.

6-Stage Workflow

⚗️

Out-of-Spec (OOS) Tracking

Out-of-spec events linked to the originating test result, with disposition workflow and auto-escalation to CAPA when required by your protocol.

Auto-Escalates to CAPA

📜

Certificate of Analysis

Three CoA scenarios: Scenario A generates from batch test results, Scenario B from external lab data, Scenario C from specification only. QA approval gated, PDF delivery to customers, auto-linked to finished product lots.

QA Managed · A/B/C

🔩

CCP Verification Logs

Metal detector, magnet, and screener verifications with start/end range capture, standards checked (JSON), pass/fail/corrective action result. Abnormal finding automatically creates an NC record and halts the line.

Auto-Creates NC · Halts Line

💬

Customer Complaints

Customer complaints with +5 business day initial review SLA, retain sample review, batch record review, returned product tracking, root cause analysis, and CAPA linkage.

+5 Business Day SLA

🗂️

SOP Library

SOPs, Forms, and Programs organized by document type and category. Upload, version-track, and distribute - with SAS-URL secure downloads that expire after 1 hour.

Version Tracked · Secure Links

🔍

NC Investigations

Digital 9-section investigation workflow: five-whys root cause analysis, CAPA actions, effectiveness gate, and closure sign-off - all in a single linked record. Every section timestamped and audit logged.

9-Section Workflow

🔄

MOC Downstream & Annual Product Review

Management of Change triggers downstream actions - training assignments, SOP revision tasks, profile revision gates, and customer notification requirements. APR auto-populates from 8 live data sources: batches, yield, NCs, OOS, complaints, SCARs, CAPAs, and CoAs.

MOC · APR

🎓

Training Compliance & Onboarding

Cross-join compliance matrix showing every employee against every training program with expiry status. Employee onboarding workflow with 10-item checklist, sequential numbering, and overdue alerts to the dashboard.

Compass™

✍️

34 Electronic Signature Endpoints

Every approval action, lot release, CAPA sign-off, and SOP acknowledgment is backed by an electronic signature captured against the authenticated user identity. 34 dedicated signature endpoints across the platform. Every one timestamped, every one immutable.

34 E-Sig Endpoints

🔐

Role-Based Access Control

Every API endpoint is guarded at the middleware layer by role-based access control. Admins, quality managers, production operators, and read-only users each see only what their role permits. Access control is enforced server-side on every request, not just in the frontend.

Server-Side Enforcement

Audit Trail

Every action. Every user. Every timestamp.

Core™ writes a structured audit log entry for every state transition, field edit, approval, and archive action. Entries capture before/after JSON state, user identity, and UTC timestamp - exactly what FDA inspectors ask for.

Immutable audit log - no edits, no deletes
Before/after JSON state on every field change
Azure AD identity on every record
UTC timestamps throughout - no timezone ambiguity
Archived records preserved with archived_by and reason

Role Matrix

Right access for every team member

QA approvals require qa_manager or admin role. SCAR operations review is admin-only. Archive actions are always admin-only with no exceptions. Role enforcement is at the route middleware layer, not the UI.

QA approvals: qa_manager + admin only
CCP abnormal finding: creates NC automatically
CAPA sign-off: requires two distinct approvers
Archive routes: ADMIN_ONLY, no exceptions
All roles: admin, qa_manager, warehouse, production, commercial, purchasing

Real-World Use Case

What happens when a CCP fails?

CCP Log Entry

Operator logs metal detector check. Result: abnormal finding detected.

Auto NC Created

System auto-creates CCP-YY-XXXX nonconformance. QA is notified immediately.

Lot Quarantined

Affected inventory lot moves to Quarantine status. Cannot ship without QA release.

CAPA Opened

QA creates CAPA from NC record. Root cause analysis, corrective action, effectiveness tracking.

See Core™ QMS in a live demo

We'll walk through a real NC-to-CAPA-to-closure cycle using your product categories and supplier list.

Request a Demo Back to Platform